代码之家 › 专栏 › 技术社区 › Ooker

如何从blob中删除秘密?

secret-key blob github git

0

Ooker · 技术社区 · 1 年前

一、 git push 一个repo并出现以下错误:

remote: - GITHUB PUSH PROTECTION
remote:   âââââââââââââââââââââââââââââââââââââââââ
remote:     Resolve the following violations before pushing again
remote:
remote:     - Push cannot contain secrets
remote:
remote:
remote:      (?) Learn how to resolve a blocked push
remote:      https://docs.github.com/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#resolving-a-blocked-push
remote:
remote:      (?) This repository does not have Secret Scanning enabled, but is eligible. Enable Secret Scanning to view and manage detected secrets.
remote:      Visit the repository settings page, https://github.com/QuaCau-TheSphere/BV-ton-tai-trong-the-gioi-tu-ban/settings/security_analysis
remote:
remote:
remote:       ââ GitHub Personal Access Token ââââââââââââââââââââââ
remote:        locations:
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:          - blob id: 1fbb1eec3113333f234104065cc2da11870dd9c7
remote:
remote:        (?) To push, remove secret from commit(s) or follow this URL to allow the secret.
remote:        https://github.com/QuaCau-TheSphere/BV-ton-tai-trong-the-gioi-tu-ban/security/secret-scanning/unblock-secret/2rQiwV6UWe7GhaSG1sleJtFzFHX
remote:
remote:
remote:     ââ[ WARNING ]âââââââââââââââââââââââââââââââââââââââââ
remote:      Scan incomplete: This push was large and we didn't finish on time.
remote:      It can still contain undetected secrets.
remote:
remote:      (?) Use the following command to find the path of the detected secret(s):
remote:          git rev-list --objects --all | grep blobid
remote:     ââââââââââââââââââââââââââââââââââââââââââââââââââââââ

我跟着 Working with push protection from the command line - GitHub Docs 并执行以下操作:

git rebase -i 1fbb1eec3113333f234104065cc2da11870dd9c7~1

错误:

error: object 1fbb1eec3113333f234104065cc2da11870dd9c7 is a blob, not a commit
fatal: invalid upstream '1fbb1eec3113333f234104065cc2da11870dd9c7~1'

网上搜索 git rebase a blob 没有结果。接下来我该怎么办?

1 回复 | 直到 1 年前

1

dani-vta 1 年前

这个 step 4 你链接的指南说

使用git rebase-i<启动交互式rebase;COMMIT-ID>~1.

相反,您提供了包含秘密的blob的SHA1,而不是用于重基的提交的SHA1。如果你需要知道包含有罪blob的提交,你可以运行 git log 与 --find-object blob id附带的选项。

git log --all --find-object=1fbb1eec3113333f234104065cc2da11870dd9c7

如果该命令只返回一个提交,则从之前的提交重设基础,否则从返回的历史中最远的提交之前的提交重新设基础。

git rebase -i <furthest-commit-id>~1